+2007-12-10 Ingmar Schlecht <ingmar@typo3.org>
+
+ * (security) Fixed a low-severity SQL injection in the modfunc2 of indexed_search (only exploitable by BE users, and severity limited because addslashes() was already applied to the value - yet not within a quoted string) (Thanks to Henning Pingel for findind the issue and Andreas Otto for the fix)
+
2007-12-06 Benjamin Mack <mack@xnos.org>
* (bugfix) Fixed #1678: limit to language; still can delete and move content element (Thanks to Helmut Hummel)
* @return string html table with results
*/
function showStats() {
- global $LANG,$HTTP_GET_VARS,$TYPO3_CONF_VARS;
+ global $LANG, $TYPO3_CONF_VARS;
$conf['words']=50; // max words in result list
- $conf['bid']=$HTTP_GET_VARS['id']; // pageid for several statistics
+ $conf['bid'] = intval(t3lib_div::_GET('id')); // pageid for several statistics
$addwhere1=''; // all records
$addwhere2=' AND tstamp > '.(time()-30*24*60*60); // last 30 days
$queryParts['SELECT']= '*, COUNT(*) AS c';
$queryParts['FROM']='index_stat_word';
- $queryParts['WHERE']=sprintf('pageid= %s '.$addwhere, $conf['bid']);
+ $queryParts['WHERE']=sprintf('pageid= %d '.$addwhere, $conf['bid']);
$queryParts['GROUPBY']='word';
$queryParts['ORDERBY']='c DESC,word';
$queryParts['LIMIT']=$conf['words'];
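Review bot: The rewritten WHERE line still concatenates `$addwhere`, which is never assigned anywhere in the visible body of showStats() — only `$addwhere1` and `$addwhere2` are set a few lines above — so the clause degrades to `pageid= N` with an undefined-variable notice and the "last 30 days" restriction is never applied. Since this line is being touched anyway, it should reference the intended variable, presumably `$queryParts['WHERE'] = sprintf('pageid= %d ' . $addwhere2, $conf['bid']);` for the 30-day window (or `$addwhere1` for all records); which one is meant is not recoverable from the hunk. The `%d` conversion combined with intval() on the `_GET('id')` line does close the injection on its own, so this is a correctness point rather than a residual injection. showStats() continues past the end of the hunk.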